1queryparse(1)               General Commands Manual              queryparse(1)
2
3
4

NAME

6       queryparse - extract DNS queries from pcap capture files.
7

SYNOPSIS

9       queryparse  [-i input file ] [-o output file ] [-r recursion only ] [-R
10       parse responses ]
11

DESCRIPTION

13       queryparse is a tool designed to extract DNS queries from  pcap-format‐
14       ted  packet capture files and save them in a form suitable for input to
15       Nominum's dnsperf or resperf benchmarking tools.  queryparse will  only
16       examine  UDP  packets,  and  currently supports Ethernet and Cisco HDLC
17       frame types.
18

OPTIONS

20       -i filename
21              Attempt to extract DNS queries from filename, which should be  a
22              pcap-formatted  packet  capture session (e.g., a file created by
23              tcpdump or ethereal).
24
25       -o filename
26              Write queries to filename in a  format  suitable  for  input  to
27              Nominum's dnsperf or resperf benchmarking tools.
28
29       -r     Keep  queries  that  do not have the RD (recursion desired) flag
30              set.  This is useful when parsing packet captures from  authori‐
31              tative  nameservers.   When  parsing captures from caching name‐
32              servers, do not use it unless you also want to parse the  outgo‐
33              ing queries from the nameserver.  Defaults to discarding queries
34              with RD=0.
35
36       -R     Parse responses (QR=1) instead of queries (QR=0).
37

FILES

39       None
40

ENVIRONMENT

42       None
43

DIAGNOSTICS

45       None
46

BUGS

48       None
49

AUTHOR

51       Nominum, Inc.
52

SEE ALSO

54       dnsperf(1), resperf(1), pcap(3), tcpdump(8)
55
56
57
58                                                                 queryparse(1)
Impressum